Introduction to Perl Net::LDAP


  1. Net::LDAP, Clément OUDOT, FOSDEM 2014
  2. Clément::OUDOT Work 10 Free software
  3. Table::of::contents
      ● LDAP protocol
      ● Net::LDAP
      ● Usage examples
  4. LDAP
  5. LDAP::protocol
      ● Defined by standards (RFC)
      ● LDAPv2 in 1995, LDAPv3 in 1997
      ● TCP/IP, LBER, ASN1
      ● 9 core operations, and extended operations
      ● Schema defines object classes, attributes, syntaxes and matching rules
      ● Data organized hierarchically (tree)
  6. Directory::Information::Tree (diagram nodes: dc=linid,dc=org; ou=people; uid=coudot; ou=structures; ou=groups; cn=admin)
  7. Entry::Attribute::Value (diagram: Entry, Attribute, Value)
  8. LDIF
      ● LDAP Data Interchange Format

        dn: uid=coudot,ou=users,dc=example,dc=com
        objectClass: inetOrgPerson
        objectClass: organizationalPerson
        objectClass: person
        objectClass: top
        uid: coudot
        mail: coudot@linagora.com
        cn: Clément OUDOT
        sn: OUDOT
        givenName: Clément

  9. Tips::Devel::LDAP
      ● LDAP is a connected protocol: 1 connection, several operations
      ● For each operation, a return code: test it!
      ● LDAPS is deprecated, use startTLS
      ● Use LDAPv3
      ● Say hello! (BIND)
      ● Say goodbye! (UNBIND)
      ● Use search parameters to improve performance
  10. Net::LDAP
  11. A module with modules
      ● Net::LDAP: main module
      ● Net::LDAP::LDIF: manipulate LDIF files
      ● Net::LDAP::RFC: list of RFC (POD)
      ● Net::LDAP::Schema: parse schema
      ● Net::LDAP::Extensions::*
      ● Net::LDAP::Control::*
      ● And many others...
  12. Credits
      ● Graham Barr <gbarr@pobox.com>
      ● Peter Marschall <peter@adpm.de>
      ● Chris Ridd <chris.ridd@isode.com>
  13. Create a connection
      ● Create a new Net::LDAP object
      ● Specify host, port, scheme
      ● Other options:
          – debug
          – IO::Socket options
          – async
          – version (v3 is the default)
          – onerror
  14. Authentication
      ● Bind with a DN and a password
      ● Bind anonymously
      ● Bind with SASL
      ● Client certificate with startTLS
  15. Search
      ● You need to provide:
          – Base
          – Scope
          – Filter
          – Attributes
      ● Search can return 0 entries and be successful
  16. Entry
      ● Entry objects are returned by search, generated from LDIF, or generated from scratch
      ● Methods to:
          – browse attributes and values
          – add/modify/delete values
          – export to LDIF
  17. Add and delete
      ● Add method parameters:
          – Net::LDAP::Entry
          – DN and list of attributes
      ● Delete method parameters:
          – Net::LDAP::Entry
          – DN
  18. Modification
      ● Add, replace, delete values
      ● Modification applies to one entry:
          – Net::LDAP::Entry
          – DN
      ● To rename/move an entry, use moddn:
          – Define a new RDN
          – Define a new superior
  19. Password::Policy
      ● Password policy controls password quality at modification, and prevents brute-force attacks at authentication
      ● Net::LDAP::Control::PasswordPolicy:
          – Sent by client
          – Sent back by server
  20. Usage::examples
  21. Apache::Session::LDAP
      ● Implements Apache::Session interface
      ● Store sessions as entries in LDAP
      ● See also Apache::Session::Browseable::LDAP for indexed sessions
  22. Scripts
      ● Provided by LDAP Tool Box project:
          – Monitoring scripts: check LDAP response time, check OpenLDAP syncrepl status, check OpenLDAP monitor data
          – Data manipulation: CSV to LDIF or LDIF to LDIF, convert data from SUN/Oracle to OpenLDAP
  23. LemonLDAP::NG
      ● WebSSO, Access Control and Identity Federation free software
      ● Authentication against LDAP
      ● Password modification in LDAP
      ● Session storage in LDAP
      ● Configuration storage in LDAP
      ● Notification storage in LDAP
      ● Implements Password Policy
  24. Almost the end...
  25. Thanks
      ● Special thanks to:
          – FOSDEM and their organizers
          – Company LINAGORA
          – All Perl developers
      ● Keep in touch:
          – Twitter: @clementoudot
          – IRC: KPTN #linagora@freenode
          – Web: http://coudot.blogs.linagora.com
  26. Questions?
  27. Thanks for your attention. http://www.linid.org. Open Source software and services. 80 rue Roque de Fillol, 92800 PUTEAUX. Tel: 0810 251 251, Fax: +33 1 46 96 63 64. www.linagora.com
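
The advice from the Tips::Devel::LDAP, connection, authentication and search slides combined into one script, as an added example that is not taken from the slides or from the Net::LDAP project. The host name, CA file path, service account DN and the LDAP_BIND_PW environment variable are assumptions; the base DN and uid come from the LDIF slide.

```perl
#!/usr/bin/perl
# Added example. Host, CA path and bind DN are placeholders, not from the slides.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my $host    = 'ldap.example.com';                       # assumed server
my $cafile  = '/etc/ssl/certs/ldap-ca.pem';             # assumed CA bundle
my $base    = 'ou=users,dc=example,dc=com';             # base DN from the LDIF slide
my $bind_dn = 'uid=app,ou=services,dc=example,dc=com';  # hypothetical service account
my $bind_pw = $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW\n";
my $uid     = $ARGV[0] // 'coudot';                     # treated as untrusted input

# "For each operation, a return code: test it!"
sub check {
    my ($mesg, $what) = @_;
    die sprintf("%s failed: %s (%d): %s\n",
                $what, $mesg->error_name, $mesg->code, $mesg->error)
        if $mesg->is_error;
    return $mesg;
}

# One connection, several operations; LDAPv3 requested explicitly.
my $ldap = Net::LDAP->new($host, port => 389, version => 3, timeout => 10)
    or die "connect to $host failed: $@\n";

# Upgrade to TLS before the bind so the password never crosses in clear text.
# verify => 'require' makes the handshake fail on an untrusted certificate.
check($ldap->start_tls(verify => 'require', cafile => $cafile), 'startTLS');
check($ldap->bind($bind_dn, password => $bind_pw), 'bind');

# Narrow base, scope, filter and attributes; escape input placed in the filter
# so characters such as * ( ) \ cannot change its structure.
my $search = check($ldap->search(
    base      => $base,
    scope     => 'one',
    filter    => '(&(objectClass=inetOrgPerson)(uid=' . escape_filter_value($uid) . '))',
    attrs     => [qw(cn mail)],
    sizelimit => 10,
), 'search');

# A search can succeed and still return 0 entries.
print "no entry for uid=$uid\n" if $search->count == 0;
for my $entry ($search->entries) {
    printf "%s: cn=%s mail=%s\n", $entry->dn,
        $entry->get_value('cn') // '', $entry->get_value('mail') // '';
}

$ldap->unbind;    # say goodbye
```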
